Readers of this blog won’t be surprised by the idea that there’s a lot of ransomware out and about these days.
Exactly how much depends on which source is used as a reference point, but perhaps fretting about numbers and whether they’re increasing is to miss the point. What matters most is how we measure the scale of the human and economic damage being caused.
For that, we’re forced to fall back on an ever-expanding body of anecdotal evidence that some quite sizable organizations are suffering at the hands of a phenomenon that shows no sign of subsiding.
Recent Ransomware Attacks
Take, for example, U.K. company KNP Logistics, whose administrators recently blamed a June attack by the Akira ransomware for the company declaring insolvency. Most of the 730 people employed by the company will now lose their jobs. While it seems that ransomware wasn’t the only factor causing its troubles it’s plausible that this event tipped a struggling company over the edge.
Or, less dramatically but still notably, what happened to U.K. mobile operator Lyca Mobile, which suffered an unconfirmed but suspected ransomware attack in late September, which it was still struggling to cope with a fortnight later.
Customers across multiple countries were affected, with a variety of problems reported. Some of these were unprecedented for a U.K. virtual network operator (MVNO) reselling the giant EE mobile network. For instance, there were intermittent failed calls and texts, failed account renewals, and an inability to issue port authorization codes (PACs) so that customers could migrate to another network.
Meanwhile, accounts became temporarily unavailable as the company’s app and website logins stopped working. The company admitted it had suffered a data breach. Lyca Mobile will recover in time, but regulators might want to consider whether other MVNOs across the world are vulnerable to similar disruption. That a company with a reported 16 million customers can find itself in this situation is troubling.
The ultimate cautionary tale illustrating how things can go badly wrong is that of major U.K. currency exchange Travelex. It went into bankruptcy three years ago after a ransomware attack several months before. At the time, this was a first.
These incidents act as a counterpoint to the notion that, by and large, organizations have adapted to ransomware as just another cost of business by investing in better incident response and by buying cybersecurity insurance with ransomware coverage.
This is true up to a point—organizations going out of business are still the exception. But there’s also a tendency to see those falling victim as somehow negligent, even if nobody wants to spell that out.
This might be to misread the evidence. Organizations go out of business or are taken over all the time and cyberattacks (especially ransomware) now play a part in at least some of those failures, not always in ways that are made public. Any organization that’s struggling for other reasons is at risk. There’s no predicting which organization might be the next to be driven over the edge by ransomware, but as attacks grow in destructiveness it’s an unsettling possibility that we might only be at the start of this new era.